Security Basics
Re: Bad Antivirus Feb 01 2013 12:09PM
sec milis (sec melis gmail com)
Dear all,

Thank you for all your prompt advice. Actually, I have already
compared the EXE files using many tools like PEView, FileInfo, etc. to
ensure that they are different, at least as shown by different MD5 hashes,
modification dates, etc. My basis for comparison is the source package
provided by the principal. I also looked at a PDF report about the Sality
family produced by Symantec that mentions the file structure being changed
by that malware. What I am trying to prove here is whether the changes to
the structure of these files, which has already changed, were made by the
AV, because I am facing a dispute between the AV principal, the software
principal and myself as administrator of the servers. The AV engineer said
that their product just restores the EXE files and does not change the
structure, while the software engineer said the system is unstable because
something/someone has changed the file structure/system
files/registry. This may sound like forensic proof. Thanks.

Regards,

Ibha ID

On Wed, Jan 30, 2013 at 10:50 PM, Michael Peppard <mpeppard (at) impole (dot) com> wrote:
> To be honest I usually run (or tell someone to) the antivirus on an infected
> machine through a remote connection such as ssh2, or as Windows network
> administrator. That takes care of several issues. Antiviruses are great
> warning systems, but limited; they run locally, for instance.
>
> However, if executables are changed or I have a suspicion that the machine
> is rooted, based on the type of infection or behaviour... I back up and scrub
> the computer, then reinstall from scratch, preferably with an image.
>
> Playing with viruses and rootkits is fun, but it's playing, not getting the
> mail delivered or clients served.
>
> -Mike
>
>
> On 01/29/2013 10:30 AM, sec.melis (at) gmail (dot) com wrote:
>>
>> Dear folks,
>>
>> I have 3 W2K3 servers, each running the same software binary exe files.
>> One month ago, they were infected with some rootkits and viruses, which I
>> later learned from antivirus detection were malware called sality, ipz, etc.
>> After I installed a new antivirus and it revealed the malware, some of my
>> software seems not to be running as expected. At the moment, I suspect that
>> the malware is still there because the AV may not be capable of cleaning
>> them all. I tried using 3 or 4 of the most popular AVs, but all claimed the
>> servers are clean while my software couldn't run smoothly. In fact, some of
>> the exe files have changed in size, and I am not sure whether this change
>> was made by viruses or by the 'bad' AV I just installed.
>> If I try to prove that my exe files have been changed by this 'bad' AV,
>> does anyone know how to prove this? By reversing these exe files, is
>> it possible to find out which part of the files has changed?
>>
>> Thanks
>>
>> Ibha ID
[ reply ]
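
Added example, not part of the original post or of any tool named in it: a section-level comparison of a reference EXE (such as one from the vendor's source package) against the copy on the server, so the difference is reported as entry point and per-section changes instead of a whole-file MD5 mismatch. The names `parse_pe`, `diff_pe` and `build_pe` are hypothetical, and the two sample images are constructed in memory.

```python
import hashlib, struct

def parse_pe(data):
    """Entry point plus per-section sizes, flags and hash of a PE file."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    entry, = struct.unpack_from("<I", data, pe + 40)      # AddressOfEntryPoint
    sections, table = {}, pe + 24 + opt_size
    for off in range(table, table + 40 * nsec, 40):
        name, vsize, _, rsize, rptr, flags = struct.unpack_from("<8sIIII12xI", data, off)
        sections[name.rstrip(b"\0").decode("latin-1")] = {
            "vsize": vsize, "rsize": rsize, "flags": flags,
            "sha256": hashlib.sha256(data[rptr:rptr + rsize]).hexdigest()}
    return {"entry": entry, "sections": sections}

def diff_pe(ref, sus):
    """List structural differences between reference and suspect images."""
    a, b, out = parse_pe(ref), parse_pe(sus), []
    if a["entry"] != b["entry"]:
        out.append("entry point 0x%x -> 0x%x" % (a["entry"], b["entry"]))
    for name in sorted(set(a["sections"]) | set(b["sections"])):
        sa, sb = a["sections"].get(name), b["sections"].get(name)
        if sa is None or sb is None:
            out.append("section %s %s" % (name, "added" if sa is None else "removed"))
        else:
            out += ["section %s: %s changed" % (name, k) for k in sa if sa[k] != sb[k]]
    return out

def build_pe(entry, sections):
    """Constructed test input: minimal PE32 headers plus raw section data."""
    hdr, body = bytearray(0x200), b""
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<HH12xH", hdr, 0x44, 0x14C, len(sections), 0xE0)
    struct.pack_into("<H14xI", hdr, 0x58, 0x10B, entry)   # PE32 magic, entry point
    for i, (name, raw, flags) in enumerate(sections):
        struct.pack_into("<8sIIII12xI", hdr, 0x138 + 40 * i, name, len(raw),
                         0x1000 * (i + 1), len(raw), 0x200 + len(body), flags)
        body += raw
    return bytes(hdr) + body

# Constructed samples: the suspect has a moved entry point and a grown, re-flagged .data.
REFERENCE = build_pe(0x1000, [(b".text", b"\x90" * 512, 0x60000020), (b".data", b"\0" * 512, 0xC0000040)])
SUSPECT = build_pe(0x2200, [(b".text", b"\x90" * 512, 0x60000020), (b".data", b"\0" * 512 + b"\xCC" * 512, 0xE0000040)])

if __name__ == "__main__":
    print("\n".join(diff_pe(REFERENCE, SUSPECT)))
```

The list shows what differs between the two copies, not which program made the change; attributing it needs copies taken before and after each tool ran.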